Domain Name and Addressing System
Overview

The Domain Name and Addressing System (DNS) is a distributed database, held on computers around the world, that translates alphanumeric domain names into the numeric Internet Protocol (IP) addresses computers use to reach a website or any other Internet host. It is a critical component of the Internet infrastructure: almost every Internet-protocol-based application relies on it to associate human-readable hostnames with the numerical addresses needed to deliver information across the Internet.

Historical Background

In the early days of computer networks, the addressing scheme that let one computer communicate with another was cumbersome. Each computer had to have a unique 32-bit number, its Internet Protocol (IP) address, in order to send information to, and receive information from, other computers on the network. To make these numerical, computer-readable addresses more user-friendly, human-readable names, typically shorter and made up of letters as well as digits, were adopted. Before the Domain Name System existed, all of these address pairs (the 32-bit number and the user-friendly name associated with it) were kept in a single master "host file," maintained by the Stanford Research Institute under contract with the Department of Defense. Each computer on the network had to hold a copy of the host file in order to communicate with the others, so every time a new computer was added the host file had to be revised and every computer on the network had to download the entire revised file. (David Lindsay, International Domain Name Law: ICANN and the UDRP §1.4 (2007).) As the network grew and more computers were added, its operation was increasingly affected by errors and by slow machine speeds, aggravated by the continual need to download the host file.
In 1983, working under funding provided by the Department of Defense, a group led by Drs. Paul Mockapetris and Jon Postel created the Domain Name System (DNS) for locating networked computers by name rather than by number. The DNS is a hierarchical naming system that eliminates the need for each computer to download and store every other computer's human-readable name and corresponding computer-readable IP address:

"Although its implementation is complex, the concept behind DNS is simple. The name space was divided into a hierarchy. The responsibility for assigning unique names, and for maintaining databases capable of mapping the names to specific IP addresses, was distributed down the levels of the hierarchy. The DNS is just a database — a protocol for storing and retrieving information that has been formatted in a specific way." (Milton L. Mueller, Ruling the Root: Internet Governance and the Taming of Cyberspace 41 (2002).)

The DNS database is distributed and organized so that "any computer on the Internet can find the information it needs to map any name to its correct IP address." (Id.)

Following a 1997 presidential directive, the Department of Commerce began a process for transitioning technical responsibility for the domain name system to the private sector. After requesting and reviewing public comments on how to implement this goal, in June 1998 the Department issued a general statement of policy known as the "White Paper." In this document the Department stated that, because the Internet was rapidly becoming an international medium for commerce, education, and communication, the traditional means of managing its technical functions needed to evolve as well. The White Paper further stated that the U.S. government was committed to a transition that would allow the private sector to take leadership for the management of the domain name system. Accordingly, the Department stated that the U.S. government was prepared to enter into an agreement to transition the Internet's name and number process to a new not-for-profit organization. At the same time, the White Paper said it would be irresponsible for the U.S. government to withdraw from its existing management role without taking steps to ensure the stability of the Internet during the transition. According to Department officials, the Department sees its role as the responsible steward of the transition process. In November 1998, the Department entered into an agreement with ICANN in the form of a Memorandum of Understanding (MOU) under which the two parties agreed to collaborate on a joint transition project.

How the DNS Works

The DNS is a hierarchical and globally distributed system in which distinct servers throughout the world hold the detailed information for their own domains, together with pointers that tell a resolver how to navigate the hierarchy to retrieve information held in other domains. The system works like an automated telephone directory, allowing users to reach websites by easy-to-understand domain names such as www.senate.gov instead of the strings of numbers computers use when communicating with each other. Each domain name server stores only a limited set of names and numbers. At the top of the hierarchy sit the root servers, published as 13 root server names and addresses (each of which today stands for many identical servers reached by anycast); they hold no site addresses themselves but tell a resolver which servers are responsible for each top-level domain. Domain name servers are organized into a hierarchy that parallels the structure of the domain names themselves.

For example, when someone wants to reach the website at www.senate.gov, the resolver acting for his or her computer (usually one run by the user's ISP or organization) asks one of the root servers for help. (This example assumes that the required domain name information is not already available on the user's local network; in practice a resolver caches the answers it receives and rarely has to start at the root.) The root server refers the query to a server that knows the location of names ending in the .gov top-level domain.
If the address includes a sub-domain, that second server refers the query to a third server, in this case one that knows the addresses for all names ending in senate.gov. This server responds with a numerical address, which the original requester then uses to establish a direct connection with the www.senate.gov site. Figure 3 illustrates this example.

The accuracy, integrity, and availability of the information supplied by the DNS are essential to the operation of any system, service or application that uses the Internet. The DNS was not originally designed with strong security mechanisms to ensure the integrity and authenticity of DNS data: a resolver accepts a reply as genuine if it matches the outstanding query (transaction identifier, port and question), and nothing in the original protocol lets it verify who actually sent the reply. Over the years a number of vulnerabilities have been identified in the DNS protocol that threaten the accuracy and integrity of DNS data and undermine the trustworthiness of the system, among them spoofing and cache poisoning, in which a forged reply is accepted by a resolver, stored in its cache, and then handed to every client that asks for that name until the entry expires. Technological advances in computing power and network transmission speeds have made it possible to exploit these vulnerabilities more rapidly and effectively. Countermeasures include randomizing the resolver's source port and transaction identifier so that forged replies are unlikely to match, restricting the records a resolver will accept from a given server to names within that server's own zone (the "bailiwick" rule), and DNSSEC, which cryptographically signs zone data so that a resolver can verify its authenticity. (See National Research Council, The National Academies, Signposts in Cyberspace: The Domain Name System and Internet Navigation 154 (2005) (Signposts), http://www.nap.edu/catalog.php?record_id=11258; Department of Homeland Security, National Cyber Security Division, and National Institute of Standards and Technology, National Vulnerability Database, Vulnerability Summary for CVE-2008-1447 (original release date July 08, 2008; last revised September 17, 2008), http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1447. The NVD site lists the most recent advisories on DNS vulnerabilities, including DNS spoofing and cache poisoning, with links to tools and solutions.)

See also
* DNSSEC Protocol
* Domain name administration
* Domain name registration

Category:Domain name
Category:Internet
Category:Technology
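The www.senate.gov walk described under How the DNS Works, together with the cache-poisoning risk noted there, as an added runnable illustration (it is not code from this page, nor from any real resolver or name server). It simulates a handful of authoritative servers in memory (root, gov, senate.gov and a constructed attacker-run zone, example.) and a resolver that starts at a root server, follows each referral down the hierarchy, and caches what it learns. Every name, server address and record is constructed for the example: 192.0.2.0/24 and 198.51.100.0/24 are reserved for documentation and .test for testing. The resolver applies the bailiwick rule (it trusts additional-section records only for names under the zone the responding server was consulted for); calling it with check_bailiwick=False shows how, without that rule, the server for one zone can plant a bogus www.senate.gov address that the resolver later serves from its cache.

```python
"""Iterative DNS resolution over constructed in-memory zones (root -> gov -> senate.gov),
with the resolver's bailiwick check. Added illustration, not code from the page or any
real resolver; every name, address and record here is constructed."""
from dataclasses import dataclass, field

@dataclass
class Zone:
    origin: str       # apex of the zone; "." is the root
    records: dict     # owner name -> {rrtype: [rdata, ...]}
    # constructed misbehaviour: records tacked onto every reply's additional section
    extra_additional: list = field(default_factory=list)

@dataclass
class Result:
    rdata: list    # answer data, e.g. IP addresses
    trail: list    # (server address, zone it was consulted for), in query order
    dropped: list  # additional-section records rejected by the bailiwick rule

ROOT = Zone(".", {
    "gov.": {"NS": ["ns.gov-servers.test."]},
    "ns.gov-servers.test.": {"A": ["192.0.2.1"]},   # glue for the .gov server
    "example.": {"NS": ["ns.example."]},
    "ns.example.": {"A": ["192.0.2.4"]},
})
GOV = Zone("gov.", {
    "senate.gov.": {"NS": ["ns1.senate.gov."]},
    "ns1.senate.gov.": {"A": ["192.0.2.2"]},        # glue, inside gov.
})
SENATE = Zone("senate.gov.", {"www.senate.gov.": {"A": ["192.0.2.3"]}})
# Constructed attacker-run zone: its server slips a bogus www.senate.gov record into every reply.
EXAMPLE = Zone("example.", {"www.example.": {"A": ["192.0.2.5"]}},
               extra_additional=[("www.senate.gov.", "A", "198.51.100.9")])
SERVERS = {"192.0.2.53": ROOT, "192.0.2.1": GOV, "192.0.2.2": SENATE, "192.0.2.4": EXAMPLE}
ROOT_HINT = "192.0.2.53"   # the one address a resolver is configured with in advance

def ancestors(name):
    """Yield name, then each ancestor up to the root: www.senate.gov., senate.gov., gov., ."""
    while True:
        yield name
        if name == ".":
            return
        name = name.partition(".")[2] or "."

def in_bailiwick(name, zone_origin):
    """True if name is at or below zone_origin; the root's bailiwick is every name."""
    return zone_origin == "." or name == zone_origin or name.endswith("." + zone_origin)

def serve(zone, qname, qtype):
    """Reply as an authoritative server for zone would: an answer, a referral, or neither (NXDOMAIN)."""
    resp = {"answer": [], "authority": [], "additional": list(zone.extra_additional)}
    rrset = zone.records.get(qname, {}).get(qtype)
    if rrset:
        resp["answer"] = [(qname, qtype, rd) for rd in rrset]
        return resp
    for anc in ancestors(qname):          # no answer: refer to the closest delegation below our apex
        if anc == zone.origin:
            break
        hosts = zone.records.get(anc, {}).get("NS")
        if hosts:
            resp["authority"] = [(anc, "NS", h) for h in hosts]
            resp["additional"] += [(h, "A", a) for h in hosts
                                   for a in zone.records.get(h, {}).get("A", [])]
            break
    return resp

def cache_add(cache, name, rtype, rdata):
    rrset = cache.setdefault((name, rtype), [])
    if rdata not in rrset:
        rrset.append(rdata)

def resolve(qname, qtype, cache, check_bailiwick=True, max_referrals=10):
    """Start at a root server and follow referrals down the hierarchy; check_bailiwick=False trusts every additional record."""
    if (qname, qtype) in cache:
        return Result(list(cache[(qname, qtype)]), [("cache", None)], [])
    server, consulted, trail, dropped = ROOT_HINT, ".", [], []
    for _ in range(max_referrals):
        resp = serve(SERVERS[server], qname, qtype)
        trail.append((server, consulted))
        for name, rtype, rdata in resp["additional"]:
            if not check_bailiwick or in_bailiwick(name, consulted):
                cache_add(cache, name, rtype, rdata)
            else:
                dropped.append((name, rtype, rdata))
        if resp["answer"]:
            for name, rtype, rdata in resp["answer"]:
                cache_add(cache, name, rtype, rdata)
            return Result([rd for _, _, rd in resp["answer"]], trail, dropped)
        if not resp["authority"]:
            return Result([], trail, dropped)      # NXDOMAIN: no such name
        delegated, _, ns_host = resp["authority"][0]
        glue = cache.get((ns_host, "A"))
        if not glue:
            raise RuntimeError(f"no address for {ns_host}; a real resolver would look it up separately")
        server, consulted = glue[0], delegated
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    print(resolve("www.senate.gov.", "A", {}))             # three hops: root, gov, senate.gov
    poisoned = {}
    resolve("www.example.", "A", poisoned, check_bailiwick=False)
    print(resolve("www.senate.gov.", "A", poisoned))       # bogus address, served from cache
```

Running the file prints the three-hop trail (root server, then the gov server, then the senate.gov server) for a clean cache, followed by the bogus answer a resolver without the bailiwick rule would serve. Real resolvers additionally match the transaction identifier and source port of every reply, and DNSSEC validation replaces the trust-by-source model this toy relies on; neither is modelled here.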